The CISO's guide to securely handling layoffs

Follow these 10 best practices to limit risks to your organization.

Layoffs  >  A stressed businessman carries away his personal belongings in a cardboard box.
Zinkevych / Getty Images

Today’s economic reality means that most organizations are cutting jobs.

The situation is tough on all involved, but it presents an additional challenge for CISOs who must contend with the heightened security risks posed by laid-off workers who through either inadvertent activity or deliberate actions can harm the company. They might download data that they shouldn’t thinking it could help their career, not realizing that they’re doing anything wrong. They could not return company devices that they took home to work on. Or some of the remaining staff, embittered by the layoffs, might sabotage the company.

CISOs must be prepared for all such scenarios during these times, experts say.

“The CISO is paid to be suspicious,” says Gregory J. Touhill, a retired U.S. Air Force brigadier general who served as the first federal government CISO during the Obama administration. “While the evidence points to the fact that [the] vast majority of people aren’t malicious, the CISO needs to be acting as if every entity could turn into a malicious actor. It’s a very difficult task, particularly if the layoffs are occurring in the CISO’s organization itself.”

To limit the potential for a security incident as layoffs occur, experts offer the following 10 best practices:

To continue reading this article register now

The 10 most powerful cybersecurity companies